Hello Jaben, The patch is attached.
Thanks, Scott -- ShellPkg: Prevent StrnCpy from overwriting null terminator when source is larger than destination. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Scott Duplichan <[email protected]> -- -----Original Message----- From: Carsey, Jaben [mailto:[email protected]] Sent: Tuesday, September 02, 2014 12:10 PM To: Scott Duplichan; [email protected] Cc: Carsey, Jaben Subject: RE: [edk2] ShellPkg: Refactor string manipulation in commands (#6) Good point. Do you want to submit a patch? > -----Original Message----- > From: Scott Duplichan [mailto:[email protected]] > Sent: Saturday, August 30, 2014 10:10 PM > To: [email protected]; Carsey, Jaben > Subject: RE: [edk2] ShellPkg: Refactor string manipulation in commands (#6) > Importance: High > > Though I didn't confirm this with a debugger, it looks like the terminating > null > character could be lost in the last two StrCpy => StrnCpy changes in this > patch: > > - StrCpy (ConfigResp, ConfigHdr); > + StrnCpy (ConfigResp, ConfigHdr, Length + NIC_ITEM_CONFIG_SIZE * 2 > + + 100); > > ConfigResp is created by AllocateZeroPool, so the null terminator is there > initially. But doesn't StrnCpy arg 3 need a -1 to keep it from being > overwritten? > > Thanks, > Scott > > > -----Original Message----- > From: Bjorge, Erik C [mailto:[email protected]] > Sent: Friday, August 29, 2014 05:02 PM > To: Carsey, Jaben > Cc: [email protected] > Subject: Re: [edk2] ShellPkg: Refactor string manipulation in commands (#6) > > Reviewed-by: Erik Bjorge <[email protected]> > > -----Original Message----- > From: Carsey, Jaben > Sent: Friday, August 29, 2014 3:00 PM > To: Bjorge, Erik C > Cc: [email protected]; Carsey, Jaben > Subject: ShellPkg: Refactor string manipulation in commands (#6) > > Erik, > > Can you verify please? > > This patch replaces StrCpy with StrnCpy or refactors out the usage of StrCpy > through some other means. > This patch replaces StrCat with StrnCat or refactors out the usage of StrCat > through some other means. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jaben Carsey <[email protected]> > > > ------------------------------------------------------------------------------ > Slashdot TV. > Video for Nerds. Stuff that matters. > http://tv.slashdot.org/ > _______________________________________________ > edk2-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/edk2-devel
Ifconfig.c.patch
Description: Binary data
------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________ edk2-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/edk2-devel
